Reading: Binance Confirms Bitcoin Futures Market Attack Was an ‘Accident’

Ethereum

Ethereum Vulnerability Could Have Allowed Attackers to Drain Hot Wallets

Avatar

Georgi Georgiev | Nov 26, 2018 | 18:00

Ethereum

Ethereum Vulnerability Could Have Allowed Attackers to Drain Hot Wallets

Avatar

Georgi Georgiev | Nov 26, 2018 | 18:00

Send
Share

A recent vulnerability in the Ethereum network could have reportedly allowed hackers to gain massive profits from cryptocurrency exchanges which haven’t set up a Gas usage limit.

A Critical Vulnerability

A group of researchers discovered a vulnerability in Ethereum which allowed attackers to drain exchanges by burning their ETH on high transaction costs or to benefit directly by minting GasToken.

The report details that exchanges which allow parties to withdraw ETH to arbitrary addresses without setting gas usage limit could have been exposed to increased transaction fees. According to the paper, there are two different options of exploiting this vulnerability.

The first option would allow the hacker to drain the unprotected exchange by making it pay for large amounts of transaction fees. The second option would allow the attacker to mint GasToken for substantial profits by simply imposing a small amount of GasToken as a tax for “naïve users.”

Issues Purportedly Patched

Reportedly, the vulnerability only affected exchanges which initiate Ethereum transactions and not such which process them. Furthermore, the report confirms that decentralized exchanges, as well as other venues operating on smart contract transactions initiated by users, remained unaffected. The report also outlined that EVM-based blockchains and Ethereum Classic may also be affected.

According to the official Medium publication, the researchers have already connected to a bulk of the affected exchanges which have supposedly patched the vulnerability.

Additionally, the researchers have given recommendations for exchanges to implement gas limits on all transactions.

Implement reasonable gas limits on all transactions. If any expensive transactions are made, ensure that the user bears the cost. Fees for a given withdrawal should always cover the gas needed. – reads the report.

What do you think of the recently discovered vulnerability and the lack of protection in certain exchanges? Don’t hesitate to let us know in the comments below!

Images courtesy Bitcoinist archives, Shutterstock.

BitStarz Player Lands $2,459,124 Record Win! Could you be next big winner?

Tags: , , , , ,
Send
Share
ethereum network clogged
Ethereum

Ethereum Network Demand High Without ‘Actual ETH...

The ethereum network is facing unprecedented demand, but it is now used for much more than “merely” transferring ETH tokens. A large part of that demand is due to the activity of...

Christine Vasileva | 23 hours ago
ethereum ETH price rally
Ethereum

Ethereum Heads Back Towards $200, New Rally About to Begin?

Monday morning usually begins with tales of woe for ethereum and its altcoin brethren but things are looking a little brighter today. ETH has had a solid weekend with momentum building...

Martin Young | 1 day ago
CryptoKitties Game Launches On The Ethereum Blockchain
Ethereum

Will CryptoKitties New Blockchain Flow Be The Next Ethereum Killer?

One of the first blockchain based games that was most renowned for ‘breaking’ Ethereum back in 2017 is set to return on its own platform. The founders are hoping to revive the...

Martin Young | 4 days ago
Show comments